Michelle Drolet
August 2, 2019
10 things
10 Things I Know About ... Cyber security awareness
By Michelle Drolet
10) Employees are the weakest link. To err is human. Ponemon claims 34% of data breaches involving employees cost an average of $9 million – more than twice the global average of all breaches.
9) Get buy-in from the top. The C-suite must commit to cyber security via stated policies spelling out consequences for non-compliance (i.e., hefty fines, lost productivity, business interruption). Buy-in ensures increased support from multiple groups.
8) Build benchmarks. Start by establishing a baseline to know what employees know before & after your security awareness training. Use phishing or ransomware simulators to test failure points and readiness. Study participant rates and class feedback to assess if training needs updating.
7) Evaluate your threat exposure. Document your most critical assets. Send out company-wide cybersecurity questionnaires; use the results to roll out a larger program to be used to target vulnerable employees identified in the assessment.
6) Use data to measure effectiveness. Before launching your program, tally the number of security incidents affecting your business; count incidents reported by employees, then assess quarterly afterwards.
5) Conduct awareness training. Cyber security awareness is the essential counterstrike against bad actors and key to avoiding data breaches. Training all employees is the best front-line defense, followed by technology support. Smaller, break-out meetings work best.
4) Train employees to hook a phish. Bogus emails (or texts) with malware payloads (attachments & links) is most common attack vector. Test and train employees to identify various social engineering techniques.
3) Get creative with content. Engage employees with video and images evoking emotions to motivate them into action. Fine tune your training content based on different audiences; standard off-the-shelf training may not fit all.
2) Know your regulations. Federal and state compliance mandates can help establish best practices and processes required by regulators. Knowing your program is compliant can help strengthen your cyber security defenses.
1) Make training a continuous process. Set up a consistent cadence of ongoing training programs to cover most security threats. Begin at time of on-boarding new employees, share published news stories of major data breaches to keep security issues top of mind. Recruit managers to send out alerts to emphasize this cultural shift towards awareness.
Michelle Drolet is CEO of Framingham data security provider Towerwall. She is listed among the Top 25 Women in Cybersecurity by Cyber Defense magazine. You may reach her at michelled@towerwall.com.
WBJ Web Partners
Most Recent
Most Recent
0 Comments